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REMARKS/ARGUMENTS 

Claims 17-28 are pending after entry of this amendment. Claims 1-16 are 
canceled. New claims 17-28 are added. No new matter is believed added by the new claims. 

Original claims 1-7, 9, and, 13-16 were rejected under 35 U.S.C. Section 102 
based on U.S. Patent Application Publication No. 2004/0006704 to Dahlstrom. 

Original claims 8 and 10-12 were rejected under 35 U.S.C. Section 103 in view of 
Dahlstrom and f U.S. Patent Application Publication No. 2002/0040306 to Sugiyama et. al. 

Objection to Specification 

The Abstract is amended to remove the reference numbers. The Applicants 
believe that the Abstract, as amended, is now in compliance with Section 608.01(b) of the 
MPEP. The Applicants respectfully request reconsideration of the Abstract. 

Claim Objections 

Claims 15 and 16 were objected for informalities. Claims 15 and 16 are canceled, 
without conceding the merits of the objections or the art rejections. 

Claims Rejections under 35 U.S. C § 112 

Claims 10 and 1 1 were rejected as being indefinite for failing to particularly point 
out and distinctly claim the subject matter. Claims 10 and 1 1 are canceled, without conceding 
the merits of the Section 1 12 or Section 102 rejections. 

Claims Amendments 

Claims 1-16 have been canceled without prejudice or disclaimer and without 
conceding the merits of the substantive rejections. 

Independent claim 17 has been appended and claims substantially the subject 
matter of claims 1,5, and 8 as originally filed. 

Independent claim 18 has been appended and claims substantially the subject 
matter of claims 2, 5, and 8 as originally filed. 

Independent claim 18 has been appended and claims substantially the subject 
matter of claims 2, 5, and 8 as originally filed. 
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Independent claims 25 and 26 have been appended and are respectively claims 13 
and 14 as originally filed. 

Independent claims 27 and 28 have been appended and are correspond 
respectively to appended claims 17 and 18. 

No new matter has been added. 



Claim Rejections under 35 U.S.C S 103 

Claim 17 recites in part: 

. . .the fourth information processing apparatus has a compensation 
amount storage section for storing a compensation amount of 
insurance which an organization operating the second site has taken 
out and which compensates a loss occurring in a case where damage 
due to a threat is suffered. . . 

...the fourth information processing apparatus has an evaluation data 

reception section for receiving the evaluation data [which is based on threat data], and 

...the fourth information processing apparatus has a compensation amount 
setting section for resetting the stored compensation amount to the 
compensation amount determined in accordance with the evaluation 
data received by the evaluation data reception section. (Emphasis Added) 

This element in claim 17 is substantially similar to the element recited in original claim 8. The 

Examiner has acknowledged that Dahlstrom does not disclose this element. (Office action at 

page 6). To cure this deficiency, the Examiner suggested a combination with Sugiyama. 

Applicants respectfully traverse. 

Sugiyama discloses a method for insuring an on-line transaction such as email, 

web browsing etc. In the method disclosed by Sugiyama, the user has to choose from 

predetermined insurance amounts based on the activity that he/she wants to insure: 

The first input/output module 10 displays an insurance purchaser a 
set of predetermined activities that an insurance provider offers for insurance 
coverage. . .The insurance purchaser selects the activities to be covered and 
inputs the selected activities on the first input/output module 10. The second 
input/output module 12 displays an insurance purchaser a set of predetermined 
coverage amounts that an insurance provider offers for the Internet insurance. 
According to the preferred embodiment, the insurance purchaser selects the 
coverage amount for each of the selected insured activities and inputs the 
maximal coverage amount in the second input/output module 12. 
(Sugiyama at Paragraph [0024]; Emphasis Added) 
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In contrast, in accordance with claim 17, threats regarding a company as a whole 
and risks associated with the internet are evaluated before providing the insurance. "The 
evaluator creates an evaluation report by matching the information security policies obtained 
from the customer and the information on threats obtained from the threat information provider." 
(Specification at ]f [0066]). "The evaluator transmits the evaluation report to the customer and 
the insurer." (Specification at ]f [0067]). "The insurer audits whether the customer appropriately 
performs operation in accordance with the information security policies . . . , and creates an audit 
report in which the result is described. The insurer determines a compensation amount in 
consideration for the evaluation and audit reports." (Specification at ][ [0068]). This insurance 
compensation amount is recalculated if the risks changes. Thus, in the claimed embodiment, the 
compensation amount of insurance is dynamically determined . The Applicants assert that 
Sugiyama does not disclose "resetting the stored compensation amount to the compensation 
amount determined in accordance with the evaluation data [generated based on threat data]," as 
recited in claim 17. 

The Dahlstrom reference is silent as to resetting compensation amounts in 
accordance with evaluation data generated based on threat data. As explained above, Sugiyama 
is similarly silent as to resetting compensation amounts, teaching instead having fixed insured 
coverage for fixed predetermined activities. It logically follows, then, that the combination also 
fails to teach 

" the fourth information processing apparatus has a compensation amount 
setting section for resetting the stored compensation amount to the 
compensation amount determined in accordance with the evaluation 
data received by the evaluation data reception section." 

as recited in claim 17. 

The Examiner is respectfully reminded that: 

rejections on obviousness ... [require] some articulated reasoning with some 
rational underpinning to support the legal conclusion of obviousness. (MPEP §2142). 

Applicants submit that there is no support for a legal conclusion of obviousness because there is 
no rational basis for combining Dahlstrom and Sugiyama. 
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Dahlstrom discloses a method for determining security vulnerabilities. The 
security vulnerabilities are determined by "comparing the characteristics of each product to a 
plurality of product records, each product record including one or more security vulnerabilities 
associated with the product record and one or more fixes associated with each security 
vulnerability." (Dahlstrom at H [0006], see also [0068-0070]). Dahlstrom provides no basis 
for assigning a specific monetary amount to the damages caused in the event of a security 
breach, and more to the point, does not mention nor even suggest the notion of assigning a 
specific monetary amount to the damages. Consequently, there is no basis for looking to 
Sugiyama's teaching of assigning different insurance coverage for different activities. Therefore, 
no rational basis exists for combining Sugiyama with Dahlstrom in the manner proposed by the 
examiner to arrive at the claimed invention. 

Moreover, as noted above since neither reference teaches the claimed aspect of 
resetting compensation amounts based on evaluation of threat data, even if the references could 
be combined, their combination still fails to obtain the pending claims. Thus, claim 17 is 
allowable over Dahlstrom and Sugiyama, singly or in combination. Claims 18-21, which depend 
on claim 17, are also allowable for the reasons stated above and for the additional elements that 
they recite. 

Claim 23 recites elements substantially similar to the ones in claim 17. Hence 
claim 23 and its dependant claims 23-24 are allowable for the reasons stated in connection with 
claim 17 above. 

Claims 25 and 26 recite elements that are substantially similar to original claims 
13 and 14. Original claims 13 and 14 were rejected as being anticipated by Dahlstrom. 
Applicants respectfully traverse. 

As a threshold matter, the Examiner is reminded that: 

for anticipation under 35 U.S.C. 102, the reference must teach every aspect of the 
claimed invention either explicitly or impliedly. Any feature not directly taught must be 
inherently present. (MPEP § 706.02). 

Claim 25 recites in part: 

. . .wherein the second information processing apparatus 

has a policy data storage section for storing policy data which 
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is data indicating an information security policy operated on 
the second site... 

A review of Dahlstrom, and especially of the cited fflf ([0024] and [0025]), fails to 
reveal the element recited above. The Examiner is respectfully requested to point out where 
Dahlstrom teaches the element recited above. As best understood, Dahlstrom does not teach a 
policy data storage section having stored therein policy data regarding information security 
policy. 

Claim 25 further recites in pertinent part: 

the first information processing apparatus has an effective policy 
data extraction section for extracting a piece of policy data to which 
there is a piece of threat data corresponding in the threat data received 
by the threat data reception section, out of the policy data received by 
the policy data reception section, based on the correspondence data, and 
an evaluation data generation section for generating evaluation data in 
which the extracted policy data is described. 

The Examiner asserts that this element is disclosed by Dahlstrom, citing at least 
TfH [0071], [0072], and [0046]. Applicants respectfully traverse. A thorough review of the cited 
paragraphs fail to reveal any mention of a "extraction section" or "evaluation data generation 
section" at least as recited in claim 25. The Examiner is respectfully requested to point out 
where Dahlstrom teaches the element recited above. As best understood, Dahlstrom does not 
show an effective policy data extractor. 

In light of the failure of Dahlstrom to teach or suggest all the claim elements, 
claim 25 is in condition for allowance. 

Claim 26 recites in part: 

the first information processing apparatus has an untreated threat 
data extraction section for extracting a piece of threat data to which 
there is no piece of policy data corresponding in the policy data 
received by the policy data reception section, out of the threat data 
received by the threat data reception section, based on the correspondence 
data, and an evaluation data generation section for generating evaluation 
data in which the extracted threat data is described. 

The Examiner asserts that this element is disclosed by Dahlstrom, citing at least, 
paragraphs [0071], [0072], and [0046]. Applicants respectfully traverse. A thorough review of 
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the cited paragraphs fail to reveal any mention of a "untreated threat data extraction section" or 
"evaluation data generation section" at least as recited in claim 26. The Examiner is respectfully 
requested to point out where Dahlstrom teaches the element recited above. As best understood, 
Dahlstrom does not show a first information processing apparatus having an untreated threat data 
extraction section for extracting a piece of threat data. 

In light of the failure of Dahlstrom to teach or suggest all the claim elements, 
claim 26 is in condition for allowance. 

Claims 27 and 28 recite elements substantially similar to the ones in claim 17 and 
18, respectively. Hence claims 27 and 28 are allowable for the reasons stated in connection with 
claims 17 and 18 above. 

CONCLUSION 

In view of the foregoing, Applicants believe all claims now pending in this 
Application are in condition for allowance. The issuance of a formal Notice of Allowance at an 
early date is respectfully requested. 

If the Examiner believes a telephone conference would expedite prosecution of 
this application, please telephone the undersigned at 650-326-2400. 

Respectfully submitted, 

/George B. F. Yee/ 

George B. F. Yee 
Reg. No. 37,478 

TOWNSEND and TOWNSEND and CREW LLP 

Two Embarcadero Center, Eighth Floor 

San Francisco, California 941 1 1-3834 

Tel: 650-326-2400 

Fax: 415-576-0300 
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